<?php
class User{
	
	//variables de la classe user
	private $u_login;
	private $u_id;
	private $u_access;//0:anonyme 1:authentifier 2:admin
	private $u_last_login;
	private $u_hash;
	public $message;
	
	//constructeur
	function __construct() {
		$this->u_access = 0;
		$this->u_login ="anonyme";
		$this->message = new Message();
	}
	
	//accesseur
	function __get($value){
		if('access' == $value) {
			return $this->u_access;
		}
		elseif('login' == $value){
			return $this->u_login;
		}
		elseif('last_login' == $value){
			return $this->u_last_login;
		}
		elseif('hash' == $value){
			return $this->u_hash;
		}
		elseif('id' == $value){
			return $this->u_id;
		}
		else{
			return "error invalid argument";
		}
	}
	
	//function public
	public function check_password($login,$password){
		$sql_query = mysql_query("Select id,last_connect,passwd,access from ".DATABASE_TABLE_USER." WHERE login = '".$login."' ORDER BY `id` ASC") or die(mysql_error());
		while ($query = mysql_fetch_array($sql_query)){
			if (md5($password)==$query['passwd']){
				$this->u_login = $login;
				$this->u_id = $query['id'];
				$this->u_access = $query['access'];
				$this->u_last_login=$query['last_connect'];
				$this->u_hash = md5($query['passwd']+$login);
				Log::add_log("connection of ".mysql_escape_string($login));
				mysql_query("UPDATE ".DATABASE_TABLE_USER." SET last_connect = ".time()." WHERE login = '".$login."'")  or die ('Erreur : '.mysql_error());
				
				$timestamp_expire = time() + 10*365*24*3600;
				$cookie_value = $this->u_hash;
				setcookie('authen', $cookie_value, $timestamp_expire);
				setcookie('login',$login,$timestamp_expire);
				return true;		
			}
		}	
	return false;
	}
	
	public function check_cookie(){
		if (isset($_COOKIE['authen']) and isset($_COOKIE['login']) ){
			$login = mysql_escape_string($_COOKIE['login']);
			$sql_query = mysql_query("Select id,last_connect,passwd,access from ".DATABASE_TABLE_USER." WHERE login = '".$login."' ORDER BY `id` ASC");
			while ($query = mysql_fetch_array($sql_query)){
				if (md5($query['passwd']+$login) == $_COOKIE['authen'] ){
					$this->u_login = $login;
					$this->u_id = $query['id'];
					$this->u_access = $query['access'];
					$this->u_last_login=$query['last_connect'];
					$this->u_hash = md5($query['passwd']+$login);
					mysql_query("UPDATE ".DATABASE_TABLE_USER." SET last_connect = ".time()." WHERE login = '".$login."'");
					Log::add_log("connection of ".mysql_escape_string($login));
					return true;
				}
				
			}
		}
		return false;
	}
	
	public function set_new_password($oldpasswd,$newpasswd){
		$sql_query = mysql_query("Select passwd from ".DATABASE_TABLE_USER." WHERE login = '".$this->u_login."' ORDER BY `id` ASC");
		while ($query = mysql_fetch_array($sql_query)){
			if (md5($oldpasswd)==$query['passwd']){
				$sql_query = mysql_query("UPDATE ".DATABASE_TABLE_USER." SET passwd = '".md5($newpasswd)."' WHERE login = '".$this->u_login."' LIMIT 1");
				return true;
			}
			else{
				$this->message->addError("Invalid old password");
			}
		}
		return false;
	}
	
	public function getMenuStatus(){
		if(isset($_COOKIE['menu_status'])){
			if($_COOKIE['menu_status'] == "fixed" OR $_COOKIE['menu_status'] == "relative"){
				return $_COOKIE['menu_status'];
			}else{
				return "fixed";
			}
		}
		return "fixed";
	}
	
	public function setMenuStatus($status){
		if($status == "fixed" OR $status == "relative"){
			$var = $status;
		}else{
			$var = "fixed";
		}
		$timestamp_expire = time() + 10*365*24*3600;
		setcookie('menu_status',$var,$timestamp_expire);
	}
	
	//static function
	public static function disconnect_user(){
		Log::add_log("disconnect user");
	
		$_SESSION['active'] = 0;
		$_SESSION['user'] = false;
		
		setcookie('authen', "false", 1);
		setcookie('login',"false",1);
	}
	
	
	private static function check_user_exist($login,$email){
		$login = mysql_real_escape_string(htmlspecialchars($login));
		$email = mysql_real_escape_string(htmlspecialchars($email));
		$num =mysql_num_rows(mysql_query("SELECT id from ".DATABASE_TABLE_USER."
					WHERE login = '$login' OR email = '$email'"));
		if ($num >=1){
			return true;
		}else{
			return false;
		}
	}
	
	private static function check_email($email){
	if( preg_match( "/^([a-zA-Z0-9])+([a-zA-Z0-9._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9._-]+)+$/", $email)){ 
		  	return true;
	}else{
			return false;
		}
	}
	
	public static function add_user($login,$password,$access,$email){
		global $user;
		if(! User::check_user_exist($login,$email)){
			if(User::check_email($email)){
				Log::add_log("Ajout d'un user : ".$login);
				$login = mysql_real_escape_string(htmlspecialchars($login));
				$password = md5($password);
				if ($access == "0" or $access =="1" or $access =="2"){
					$access = mysql_real_escape_string(htmlspecialchars($access));
				}else{
					$access = "0";
				}
				mysql_query("INSERT INTO ".DATABASE_TABLE_USER." (id,login,passwd,access,last_connect,email) VALUES(LAST_INSERT_ID() ,'$login', '$password','$access',NULL,'$email')");
			}else{
				$user->message->addError("Invalid Email");
			}	
		}else{
			$user->message->addError("User already exist");
		}
	}
		
	public static function remove_user($box){
		$tablength = count($box);
		$i = 0;
		while ($i!=$tablength){
			$sql_query = mysql_query("SELECT login FROM ".DATABASE_TABLE_USER." WHERE `id` = $box[$i]");
			while ($query = mysql_fetch_array($sql_query) ){
				Log::add_log("remove d'un user : ".$query['login']);	
			}
			mysql_query("DELETE FROM ".DATABASE_TABLE_USER." WHERE `id` = $box[$i]");
			$i++;
		}
	}

	public static function detect_ie()
	{
	    if (isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 8') != true)
	     && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') != false))
	        return true;
	    else
	        return false;
	}
	
	public static function send_email($id,$subject,$message){
		$errbool = FALSE;
		global $user,$email_from,$email_reply;
		if(isset($id) and $id != ""){
			$sql_query=mysql_query("SELECT login,email FROM ".DATABASE_TABLE_USER." WHERE id = ".$id);
			while($query=mysql_fetch_array($sql_query)){
				    $headers = "Return-Path: $email_from". "\n";
					$headers .= "From: $email_from". "\n";
					$headers .= "X-Mailer: PHP ".phpversion()."\n";
					$headers .= "Reply-To: $email_reply". "\n";
					$headers .= "Organization: http://search.podzone.org". "\n";
					$headers .= "X-Priority: 3 (Normal)". "\n";
					$headers .= "Mime-Version: 1.0". "\n";
					$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\n";
					
					$message=trim(stripslashes(nl2br(htmlspecialchars($message))));
					
				if(! mail($query['email'],"SEARCH : ".$subject,$message,$headers)){
					$user->message->addError("EMAIL ERROR ".$query['login']);
					$errbool = TRUE;
				}else{
					Log::add_log("Email send to ".$query["login"]);
				}
			}
			if($errbool==False){
				$user->message->addInfo("Email Send");
			}
		}else{
			$user->message->addError("EMAIL Invalid");
		}
	}

}
?>
